On Sun, Nov 07, 2004 at 05:22:43PM -0500, Faheem Mitha wrote: > /usr/share/doc/ssh/README.Debian says > > ********************************************************************** > OpenSSH 3.8 invented ForwardX11Trusted, which when set to no causes the > ssh client to create an untrusted X cookie so that attacks on the > forwarded X11 connection can't become attacks on X clients on the remote > machine. However, this has some problems in implementation - notably a > very short timeout of the untrusted cookie - breaks large numbers of > existing setups, and generally seems immature. The Debian package > therefore sets the default for this option to "no" (in ssh itself, > rather than in ssh_config). > *********************************************************************** > > I think the "no" in the second to last line of that para should be "yes", > since in fact "ForwardX11Trusted yes" is the default, and otherwise the para > does not make sense.
Good catch, thanks. Fixed in CVS. -- Colin Watson [EMAIL PROTECTED]
